Brandon Consulting Associates
Senior Auditor, Information Technology Audit - AVP (Fulltime, Remote) - NY
Brandon Consulting Associates, New York, New York, us, 10261
Job Summary
Execute information technology audits encompassing the areas of IT general controls, application controls, IT processes, project management and data integrity audit projects/initiatives utilizing information technology control frameworks, such as NIST CSF, ITIL, COBIT, and FFIEC, or other relevant regulatory guidance (e.g., NYSDFS 500, GLBA, etc.), where applicable.
Job Description
Essential functions include: Help prepare a risk-based audit program, document and execute test steps and high quality work papers for IT and integrated application audits, with alignment to current regulatory requirements and expectations (e.g. FFIEC, NYSDFS 500, GLBA, etc.) and emerging risks. Assist in the preparation of audit reports and draft findings. Stay abreast of industry IT trends to identify potential issues and risks, as well as relevant best practices, laws, rules and regulations impacting financial institutions and ensuring that the changes are incorporated into the audit planning and risk assessment process. Leverage knowledge of systems and data to perform and document all reviews in a manner consistent with acceptable professional standards, including supporting audit procedures, findings and results. Follow-up on open audit issues and validate their resolution, review evidence of closure of findings and determine that evidence of remediation is appropriate to effectively mitigate the risks raised. Effectively present/communicate audit observations to management, as requested by audit management. Participate in department-wide initiatives and perform other duties as assigned. Qualifications
Minimum five years of information technology audit experience in financial services and/or public accounting firm. Demonstrated experience in executing all aspects of the audit lifecycle, including planning, risk assessment, scoping, detailed testing, reporting, issue follow-up and validation. Strong project management and time management skills, ability to effectively balance competing priorities, and demonstrated success in delivering on-time and on-budget work product. Bachelor's degree in Information Technology, Business, Accounting, Finance or related field is required. Knowledge, understanding and experience in one or more information technology risk and control areas including logical and physical security, system development lifecycle (e.g. Agile and Waterfall), change management, IT operations, business continuity management and infrastructure (network, operating systems, databases, data center, etc.). Knowledge and experience utilizing relevant industry frameworks and regulatory guidance (e.g. COBIT, ITIL, NIST, FFIEC, ISO 27002, etc.) and applicable banking regulations. Demonstrated ability to adapt quickly to changing demands and environment and rapidly develop in-depth knowledge of new audit areas. Excellent verbal and written communication skills and ability to professionally and effectively interact with all levels of management. Ability to utilize appropriate tools to enhance the audit process. One of the following certifications is preferred:
Certified Information System Auditor (CISA) Certification specific to the information technology industry such as, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Privacy Professional (CIPP), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).
Execute information technology audits encompassing the areas of IT general controls, application controls, IT processes, project management and data integrity audit projects/initiatives utilizing information technology control frameworks, such as NIST CSF, ITIL, COBIT, and FFIEC, or other relevant regulatory guidance (e.g., NYSDFS 500, GLBA, etc.), where applicable.
Job Description
Essential functions include: Help prepare a risk-based audit program, document and execute test steps and high quality work papers for IT and integrated application audits, with alignment to current regulatory requirements and expectations (e.g. FFIEC, NYSDFS 500, GLBA, etc.) and emerging risks. Assist in the preparation of audit reports and draft findings. Stay abreast of industry IT trends to identify potential issues and risks, as well as relevant best practices, laws, rules and regulations impacting financial institutions and ensuring that the changes are incorporated into the audit planning and risk assessment process. Leverage knowledge of systems and data to perform and document all reviews in a manner consistent with acceptable professional standards, including supporting audit procedures, findings and results. Follow-up on open audit issues and validate their resolution, review evidence of closure of findings and determine that evidence of remediation is appropriate to effectively mitigate the risks raised. Effectively present/communicate audit observations to management, as requested by audit management. Participate in department-wide initiatives and perform other duties as assigned. Qualifications
Minimum five years of information technology audit experience in financial services and/or public accounting firm. Demonstrated experience in executing all aspects of the audit lifecycle, including planning, risk assessment, scoping, detailed testing, reporting, issue follow-up and validation. Strong project management and time management skills, ability to effectively balance competing priorities, and demonstrated success in delivering on-time and on-budget work product. Bachelor's degree in Information Technology, Business, Accounting, Finance or related field is required. Knowledge, understanding and experience in one or more information technology risk and control areas including logical and physical security, system development lifecycle (e.g. Agile and Waterfall), change management, IT operations, business continuity management and infrastructure (network, operating systems, databases, data center, etc.). Knowledge and experience utilizing relevant industry frameworks and regulatory guidance (e.g. COBIT, ITIL, NIST, FFIEC, ISO 27002, etc.) and applicable banking regulations. Demonstrated ability to adapt quickly to changing demands and environment and rapidly develop in-depth knowledge of new audit areas. Excellent verbal and written communication skills and ability to professionally and effectively interact with all levels of management. Ability to utilize appropriate tools to enhance the audit process. One of the following certifications is preferred:
Certified Information System Auditor (CISA) Certification specific to the information technology industry such as, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Privacy Professional (CIPP), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).